PT-2007-6056 · Focus · Focus/Sis

The Tiger

·

Publicado

2007-09-18

·

Atualizado

2011-08-22

·

CVE-2007-4942

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Focus/SIS version 1.0
Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter. This is a different vector from other known issues.
Recommendations For Focus/SIS version 1.0, consider restricting access to the modules/Discipline/StudentFieldBreakdown.php file to minimize the risk of exploitation. Avoid using the FocusPath parameter in URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2007-4942

Produtos afetados

Focus/Sis